Working Groups and Committees
H-ISAC is a community of peers in the health sector. One of the important ways in which this community comes together to lead and drive solutions for the industry is through committees and working groups.
We hope you will join, participate, and help lead the healthcare sector.
Joint Working Groups
H-ISAC Working Groups are created by the members, for the members. The working groups leverage the H-ISAC health community to address specific problems in various topics. Working groups serve as discussion forums and create products such as re-usable templates, policies, best practices, etc. Any member is welcome to join any working group. If you are an H-ISAC Member and you are interested in joining or starting a working group, please contact membership.
Cybersecurity Analytics Working Group
This group is working to establish a strategic approach to analytics development and sharing in order to promote open collaboration among the healthcare community. Leveraging MITRE’s Adversary Tactics, Techniques & Common Knowledge (ATT&CK) framework, each member organization conducts independent research on specific cybersecurity threat tactics. The group meets regularly to share research results, refine the common analytic sharing model, and promote continuous improvement by the member community.
Cyber Threat Intelligence Program Development (CTIPD) Working Group
This working group’s purpose is to facilitate and promote discussion regarding the development of Cyber Threat Intelligence programs within member organizations of all sizes, with the intentions of developing best practices and guidance to provide the tools necessary to build a CTI program tailored to your organizational needs.
Cybersecurity Awareness and Training Working Group
The purpose of this working group is to develop a mechanism whereby members can share ideas and tangible assets that can be leveraged to support the cybersecurity education and awareness programs of our H-ISAC member community.
Diversity and Inclusion Working Group
The working group’s purpose is to provide a platform to support discussion and sharing of best practices that enable a commitment to equality and representation for practitioners from all walks of life and ensuring those from under-represented socioeconomic backgrounds, ethnicities, sexual orientations, gender, mental normative status, able-bodied-ness, and nationality have a forum to encourage outreach, participation and advocacy.
Identity and Access Management (IAM) Working Group
Information Protection Working Group
IT M&A Integration and Divestitures Working Group
This group’s goal is to provide an opportunity to gain insight, perspective, and knowledge sharing with M&A IT experts across the life sciences industry including opportunities for consistent terminology, mature processes, and value proposition of IT M&A structure.
IS Risk Management Working Group
The focus of this group will be to share experiences, tactics, wins, and challenges to evolve our collective capabilities and enable the focus of our organizations. Goals include: Share best practices across risk management methods, services, and outcomes; Reduce the impact of threats from adversaries by better understanding the risks that can or will affect us (protecting information and reputation of the sector); Improve efficiency and effectiveness of security risk management operations; Explore opportunities of opportunities of sharing risk tactics or actually risks so that we can build a collective risk/threat landscape; Learn from each other’s accomplishments and challenges; Surface innovative ways to progress the risk management discipline; Define collective best practices for our ISAC; Build partnerships in industry; and Produce measurable, usable outcomes from this working group that members and future members can consume to leapfrog their IS risk management practices.
Pharma and Healthcare Insider Threat Working Group
The working group aims to develop new ideas around Insider Threat programs specific to the pharmaceutical and healthcare sectors, by using discussions and round tables to discover new options and potential solutions for monitoring, detection, and prevention of insider threats.
Pharma and Supply Chain Working Group
This group is finding innovative ways to detect cyber security risks to the delivery of medical care supplies and lower the risk to the organization that may be vulnerable to attacks by former employees, contractors, or potential hackers who look to compromise critical systems and steal health records. The group shares ideas, cyber threat information and will generate resources to address the sharing of indicators of compromise (IOC) or indicators of attack (IOA) as well as information about the threat actors that could negatively affect technology within the pharma and supply community. Goals include: Establish (or adopt) a minimum standard for sharing of cyber security threat information within our vertical of healthcare, Assist with supporting the smaller pharma and supply organizations with shared knowledge, Increase the type of information sharing methods for cyber threat information sharing, Develop easier ways to share the threat intelligence we collective gather, and Assist with training and threat intelligence sharing campaigns.
Provider Special Interest Council
The purpose of this work group is to find innovative ways to improve cybersecurity while not impeding patient care to lower the risk to the organization that may be vulnerable to attacks by the former employees, contractors, or potential hackers who look to compromise critical systems and steal health records. The goals of the Provider Working Group are to share ideas and best practices to address the new technology within the provider community. Focus areas include: Establish (or adopt) a minimum standard for cybersecurity, Establish standards for telehealth technology, Assist with supporting the smaller provider organizations, Increase the share of methods for cybersecurity and data protection, Develop patient/employee friendly cybersecurity approaches, and Assist with training and awareness campaigns.
Purple Team Working Group
The Purple Team Working Group aims to help teams grow their purple teaming and threat detection capabilities. Intial goals are building guidance and offering perspective on items such as: metrics for purple team excersises, purple team tooling – the pros and cons of open-souorce tooling, streamlining existing processes with automation. The ultimate hope is these will help to demonstrate value to leadership and expand the benefit of purple teaming in the healthcare vertical.
Security Architecture Working Group
The Security Architecture Working Group will share experiences, best practices, lessons learned, ideas, and non-proprietary technical products which will enable members to accelerate efforts to address security challenges, ensure end to end security protections and controls and maximize security investments. The group will exchange and establish standards for security architecture and policy use cases, continuous improvement strategies, security efficacy and other KPI metrics, vendor solution assessments and experiences, portable reusable code and other non-proprietary information.
Security Engineering Working Group
The Security Engineering Working Group will share experiences, best practices, lessons learned, ideas, and non-proprietary technical products which will enable members to accelerate efforts to address security challenges, ensure end to end security protections and controls and maximize security investments. The group will exchange and establish standards for security engineering and policy use cases, continuous improvement strategies, security efficacy and other KPI metrics, vendor solution assessments and experiences, portable reusable code and other non-proprietary information.
Software Security Working Group
This group’s mission is to advance the security of software applications and systems in the Health Sector by advocating the integration of security processes, guidance, tools and governance into the System Development Life Cycle (SDLC). This advocacy will be the direct result of crowd-sourcing expertise from across the member community and providing it back to the community as consumable products. The working group will focus not only on raising awareness of common, current issues but also future, next generation issues and practices.
Third Party Risk Governance (TPRG) Working Group
This working group aims to evolve our collective capabilities and enable the focus of our organizations in implementing a best – in – class third party risk management program by following these objectives:
Share and learn best practices to mitigate risks posed by third parties
Improve efficiency and effectiveness of third party risk management operating components
Enhance understanding of a third party’s information security program maturity through shared experiences
Explore opportunities of sharing risk tactics or risk areas so that we can build a collective risk/threat landscape
Joint Working Groups
H-ISAC Joint Working Groups serve the same function as its Working Groups; however, Joint Working Groups leverage non-member participation as well in order to accomplish their objectives.
Incident Response Working Group
This group has currently partnered and working jointly under the Health Sector Coordinating Council’s Incident Response Business Continuity (IRBC) Task Group and includes members from HSCC and HHS’s 405(d) Working Group. Their shared focus will center on experiences, tactics, wins, and challenges to evolve our collective incident response capabilities and develop robust, sustainable programs in order to minimize damage from incidents and improve information security practices in our industry. Goals include producing a template playbook, supplemental collateral, and usable outcomes that will allow users to consume and leapfrog their incident response practices.
Committees support official programs of the Health-ISAC. The Committees help serve a governance function and bring member input into the shaping of H-ISAC services. Since Committees serve a specific program function, membership to committees is not open membership. Any member that is interested in serving on a Committee may contact Membership to find out whether the Committee has an opening and the process for applying.
Business Resilience Committee
The Business Resilience Committee will support the operations of the H-ISAC Resilience Program. The BRC will focus on identifying non-cybersecurity all hazard threats relevant to the health sector, determine the associated risks and appropriate security considerations, and support the Health-ISAC Threat Operations Center (TOC) to share that information broadly to the Health-ISAC members. During times of crisis, the Business Resilience Committee will provide systemic incident response guidance, analyze incidents, and facilitate impact assessment and crisis escalation on behalf of the sector. The Business Resilience Committee will have primary oversight over physical events affecting the sector, will coordinate actions during a crisis, and will be the primary control point for the Physical Threat Alert Level for the sector.
Diversity and Inclusion Committee
The focus of this group is to provide a member voice to bring together H-ISAC Members to generate and pursue ideas for Improving Diversity and Inclusion within their organizations. Members of this group will share best practices and ideas that will help scope and implement change. As a community that cares, we are looking at expanding our leadership opportunities, summit scholarship and internship programs, speaking events, roundtable discussions, and webinars/events.
The purpose of H-ISAC’s European Council is to advance and foster the mission of H–ISAC by facilitating an infrastructure and community that focuses on the issues and threats European organizations and members face.
The mission of the H-ISAC Identity Committee is to provide H–ISAC Leadership advice regarding Identity & Authentication Management (IAM) issues, help set the strategy, goals and objectives for the IAM Working Group.
Medical Device Security Information Sharing Council (MDSISC)
The Health Information Sharing and Analysis Center (H-ISAC) established the Medical Device Security Information Sharing Council (MDSISC) on October 1, 2015. The mission of the MDSISC is to bring together stakeholders in the medical device security arena to develop solutions, identify best practices and facilitate the exchange of information that will result in a more efficient and secure use of medical devices and related practices. Membership is open to medical device manufacturers and stakeholders of the medical device security community that conduct their activities consistent with H-ISAC’s Operating Rules including Non-Disclosure Agreement, health industry regulations and best practices, and the highest ethical standards.
Threat Intelligence Committee
The Threat Intelligence Committee (TIC) is responsible for looking at the cyber threat landscape for the health and public health (HPH) sector and developing strategic direction for the ISAC community to anticipate and prepare for threats. The TIC helps facilitate the planning, coordination, collection, trending, processing and analysis, production of white papers and other materials and dissemination of primarily cyber threat intelligence for the HPH sector through engagement with internal and external stakeholders. The H-ISAC Threat Intelligence Committee is a closed working group.